PerlMonks  

Re: Re: Use placeholders. For SECURITY!

by jdtoronto (Prior)
on Nov 14, 2003 at 15:00 UTC (#307060)


in reply to Re: Use placeholders. For SECURITY!
in thread Use placeholders. For SECURITY!

And I can tell you of a number of large systems which are web-based that have a problem with that! In one case I know of, you put an apostrophe in an email address and the Carp output will then give you a clue to the 'backdoor' super-user type access into the system without having to authenticate.

All for the sake of the most simple untainting. Whether it is a valid email address or not - an apostrophe is not permitted in an email address! Fortunately the data on the system is not extremely valuable. It is an email autoresponder system which handles a lot of marketing email. But then again I did wonder how an address of mine that was in somebody's newsletter list suddenly started getting spam. I suspect the spammers have been in through the back door and downloaded all the lists out of the system.

jdtoronto


Re: Use placeholders. For SECURITY!
by Abigail-II (Bishop) on Nov 14, 2003 at 15:49 UTC
    an apostrophe is not permitted in an email address!
    It is: "'"@example.com is valid syntax.

    Abigail
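
The thread's point, as an added example that is not code from either poster: with DBI placeholders the valid address "'"@example.com is stored and looked up as plain data, and database errors go to the server log instead of the page. It assumes DBD::SQLite is installed; the subscribers table and the function names are hypothetical.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in for
# the real subscriber store. Table and column names are hypothetical.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE subscribers (email TEXT PRIMARY KEY, list TEXT)');

# Constructed sample input: the syntactically valid address from the reply
# above, plus an ordinary one.
my @addresses = (q{"'"@example.com}, q{alice@example.com});

# Placeholders: the driver receives the value separately from the SQL text,
# so the apostrophe is just data.
my $ins = $dbh->prepare('INSERT INTO subscribers (email, list) VALUES (?, ?)');
$ins->execute($_, 'newsletter') for @addresses;

# Lookup with a placeholder. Any database error is logged for the operator
# and the caller gets undef, so no SQL or stack trace reaches the browser.
sub find_list {
    my ($email) = @_;
    my $list = eval {
        my ($l) = $dbh->selectrow_array(
            'SELECT list FROM subscribers WHERE email = ?', undef, $email);
        $l;
    };
    if ($@) {
        warn "subscriber lookup failed: $@";    # server-side log only
        return;
    }
    return $list;
}

# For contrast: the same lookup built by string interpolation. The quote
# characters in the address end the SQL string literal early and the
# statement no longer parses.
sub find_list_interpolated {
    my ($email) = @_;
    my ($l) = eval {
        $dbh->selectrow_array(
            "SELECT list FROM subscribers WHERE email = '$email'");
    };
    return $@ ? 'SQL error' : ($l // 'not found');
}

printf "%-20s placeholder=%s interpolated=%s\n", $_,
    find_list($_) // 'undef', find_list_interpolated($_) for @addresses;
```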
